Detailed Action

1. This action is responsive to communication: amendment filed on 22 July 2004, the original
application was filed on 1 December 2000, with acknowledgement of a foreign priority date of
3 December 1999.

2. Due to amendment claims 1-22 are currently pending in this application. Claims 1 and 6 
are independent claims. Claims 1 and 6 have been amended. Claims 19-22 are new. The 
amendments to the claims and specification are accepted. 

Response to Arguments 

3. Applicant's arguments filed 9 March 2004 have been fully considered but they are not 
persuasive. 

In response to applicant's argument on page 7, "Thus, Applicant's invention, as recited
by claim 1, includes a feature which is neither disclosed nor suggested by the art of record,
namely: ... adding a dynamic host configuration protocol (DHCP) communication options
to an internet key exchange (IKE) data, when establishing an IKE communication with
said terminal outside LAN". The Office disagrees; the reference Boden et al.
U.S. Patent No. 6,615,357 (hereinafter '357) teaches the above in col. 2, lines 54-61 and col. 3,
lines 45-56 "This involves dynamically generating NAT rules and associating them with the
manual or dynamically generated (IKE) Security Associations, before beginning IP security that
uses the Security Associations" and "Security associations are negotiated using the
corresponding internal (NAT rhs) IP addresses, and the NATing of generated NAT rule, in sync
with connection load to IPsec and IPSec processing in SLIC. Inbound-source IP addresses are
translated, as well as the usual source IP address NAT on outbound (with corresponding
translation of destination IP address on inbound)".

In response to applicant's argument on page 7 that the reference does not teach
"distributing a second IP address from a terminal within the LAN to the terminal outside
the LAN during the IKE communication". The Office disagrees; the term "distributing" has
the same meaning as "translating", which is clearly shown in '357; furthermore the "secondary
address" has the same meaning as the "range of IP addresses" shown in '357, see col. 5,
lines 49-65 "In step 24, initiator mode connections are started. When starting an initiator mode 
connection, the connection manager checks if the local client ID is to be translated. If so, the 
connection manager looks for an available IP address for NAT pool" and see col. 4, lines 61-67 
for an explanation of the NAT pool "Although specified on a per remote ID or local ID basis, the 
pools may be managed as three distinct groups of IP addresses. This allows the user to specify, 
for example, the range for multiple remote ID's". 

In response to applicant's argument on page 7, "Bowden does not teach automatically
providing an IP address as is done by DHCP". The Office disagrees; "automatically" and
"dynamically" have the same meaning, see the text cited above.

Claim Rejections - 35 USC § 102

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language 

5. Claims 1-18 are rejected under 35 U.S.C. 102(e) as being anticipated by Boden et al.
U.S. Patent No. 6,615,357 (hereinafter '357). 

As to independent claim 1, "A Virtual Private Network (VPN) communication 
method employed for a security gateway apparatus connecting between a local area 
network (LAN) and a wide area network (WAN) including a public network, the 
communication method comprising the steps of:" is taught in '357 col. 4, lines 60-67;

"a) distributing a first IP address to a terminal outside said LAN" is shown in '357 
col. 3, line 56 through col. 4, line 15. 

"b) adding a Dynamic Host Configuration Protocol (DHCP) communication option 
to an Internet Key Exchange (IKE) data, when establishing an IKE communication with a 
terminal outside the LAN having a dialup connection with the WAN" is shown in '357 col. 
4, lines 16-27; 

"c) distributing a second IP address from a terminal within the LAN to the
terminal outside the LAN during the IKE communication" and "wherein the gateway 
apparatus designates an IP address for the outside terminal from a tunneled IP packet" is 
disclosed in '357 col. 4, line 51 through col. 5, line 65; 

"d) establishing a Security Architecture for the Internet Protocol (IPsec) 
communication that follows the IKE communication, which includes said first IP address 
and said second IP address, wherein the gateway apparatus designates the first IP address 
for the outside terminal from a tunneled IP packet" is taught in '357 col. 3, lines 40-65.

As to dependent claim 2, "wherein an IP address and a subnet mask address, which have
same segments as those of the LAN, are distributed to the outside terminal, thereby the
outside terminal can be virtually regarded as a terminal on the LAN" is shown in '357 col.
3, lines 45-56. 

As to dependent claim 3, "wherein the outside terminal is provided, during the IKE 
communication, with a private IP address that is used on the LAN, in a case that the LAN 
is configured with private IP addresses, whereby the outside terminal is allowed to access 
to a terminal on the LAN" is disclosed in '357 col. 4, lines 51-59. 

As to dependent claim 4, "wherein an encryption key and an authentication key are 
exchanged with a public key cryptosystem during the IKE communication" is taught in '357 
col. 5, line 66 through col. 6, line 9 ("encryption key and an authentication key" same as "SA 
pair"). 

As to dependent claim 5, "wherein the DHCP communication option contains an IP 
address and a subnet mask" is shown in '357 col. 4, lines 16-26 ("option" same as "check 
box") ("subnet mask" same as "responder IDci and IDcr NAT flags"). 

As to dependent claims 11 and 12, these claims are substantially similar to above claim
4 and are rejected along the same rationale.

As to dependent claims 13 and 14, these claims are substantially similar to above claim
5 and are rejected along the same rationale.

As to independent claim 6, this claim is directed to the security gateway apparatus of the 
method of claim 1 and is rejected along the same rationale. 

As to dependent claims 7-10 and 15-18, these claims contain substantially similar 
subject matter as claims 2-5 and 11-14 and are rejected along the same rationale. 

Claim Rejections - 35 USC § 103

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

7. Claims 19-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over '357 in
further view of Giniger et al. U.S. Patent No. 6,751,729 (hereinafter '729). 

As to dependent claim 19, 
the following is not taught in '357: "wherein said terminal outside the LAN has a dialup 
connection with the WAN" however '729 teaches "In various alternative embodiments, 
different types of communication links 216 are used. For instance, communication link 216 can 
be part of a broadband cable system such as a cable television system, . . . Alternatively, 
communication link 216 is a dial-up analog or ISDN telephone connection, and communication 
interfaces 214 and 222 are modems" in col. 10, lines 9-20. 

It would have been obvious to one of ordinary skill in the art at the time of the invention
to modify the teachings of '357, a method for dynamically generating NAT rules and associating
them with the manual or dynamically generated (IKE) Security Associations, to include a means
to utilize dialup connections. One of ordinary skill in the art would have been motivated to
perform such a modification in order to increase flexibility when establishing remote
connections. As indicated by '729 (see col. 1, lines 33 et seq.) "An important impetus for the
adoption of VPN technology by business is the significant cost saving associated with the
replacement of expensive remote access servers and associated long distance dial-up charges".

As to dependent claim 20, "wherein said second IP address is automatically 
distributed from the terminal within the LAN to the terminal outside the LAN during the 
IKE communication" is taught in '357 col. 5, lines 49-65 "In step 24, initiator mode 
connections are started. When starting an initiator mode connection, the connection manager 
checks if the local client ID is to be translated. If so, the connection manager looks for an 
available IP address for NAT pool". 

As to dependent claims 21 and 22, these claims contain substantially similar subject 
matter as claims 19 and 20; therefore they are rejected along the same rationale. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to
expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened 
statutory period will expire on the date the advisory action is mailed, and any extension fee 
pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In 
no event, however, will the statutory period for reply expire later than SIX MONTHS from the 
mailing date of this final action. 

8. The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure. 



9. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Ellen C Tran whose telephone number is
(571) 272-3842. The examiner can normally be reached from 6:30 am to 3:30 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
Gregory A Morse can be reached on (571) 272-3838. The fax phone number for the
organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the Patent Application
Information Retrieval (PAIR) system. Status information for published applications may be
obtained from either Private PAIR or Public PAIR. Status information for unpublished
applications is available through Private PAIR only. For more information about the PAIR
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).